image: node:alpine # Use latest version of Node.js on Alpine cache: # add cache to 'node_modules' for speeding up builds paths: - node_modules/ # Node modules and dependencies test: before_script: - 'which ssh-agent || (apk update && apk add openssh-client git)' - npm install --only=prod script: - npm install --only=prod snyk && npm run snyk # Refer to "scripts" in package.json - ls node_modules/.bin - npm run hexo # Update github mirror after_script: # Import SSH key - eval $(ssh-agent -s) - echo "$GH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts # (workaround) force exit code 0 - ssh -T git@github.com || ":" - git remote add mirror git@github.com:curbengh/blog.git # Discard changes before checking out branch - git reset HEAD --hard - git checkout master && git push mirror master - git checkout site && git push mirror site rules: # Skip in renovate job - if: '$RENOVATE == "true"' when: never # Only trigger through push event in master branch - if: '$CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "push"' when: always # Only trigger through "Run pipeline" in master branch - if: '$CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "web"' when: always renovate: # Check dependency update before_script: - npm install --only=prod script: - npm install --only=prod renovate - npm run renovate rules: # Only trigger when environment variable matches and through schedule in master branch - if: '$RENOVATE == "true" && $CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "schedule"' when: always # Only trigger when environment variable matches and through "Run pipeline" in master branch - if: '$RENOVATE == "true" && $CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "web"' when: always # # Uncomment below (and comment/remove above) lines for gitlab pages # image: node:latest # Use latest version of Node.js # pages: # cache: # add cache to 'node_modules' for speeding up builds # paths: # - node_modules/ # Node modules and dependencies # script: # - npm install -g snyk hexo-cli # - npm install # install node modules # - snyk auth $SNYK_TOKEN # - snyk protect # Apply patches to node modules # - snyk test # Check node modules for vulnerability # - hexo deploy # deploy the site. # artifacts: # paths: # - public # deploy to the 'public' folder. # only: # - master # this job will affect only the 'master' branch